Six Colors
Six Colors

by Jason Snell & Dan Moren

This Week's Sponsor

Coherence X4 - Turn websites into Chrome-based apps on your Mac. Say goodbye to Electron.

By Jason Snell

Apple in the Enterprise: A 2021 report card

Back to school. (Shutterstock)

For the last six years, we’ve compiled a report card covering how Apple’s been doing across numerous categories of interest to users and developers. It’s been a useful snapshot of the sentiment of people who spend a lot of their time thinking about and participating in the Apple ecosystem.

This year, we’re trying something new. Device-management startup Kandji approached Six Colors to commission a new Report Card, but with a focus on how Apple’s doing in large organizations, including businesses, education, and government. We worked with Kandji and the hosts of the Mac Admins Podcast, Tom Bridge and Charles Edge, to formulate a set of survey questions that would address the big-picture issues regarding Apple in the enterprise. Then we approached people we knew in the community of Apple-device administrators and asked them to participate in the survey.

In the end, 83 people participated, roughly half of whom report that they manage more than 1000 devices. (If you’re an admin who didn’t take the survey, feel free to fill it out.) They rated Apple’s performance in the context of enterprise IT on a scale from 1 to 5 in nine broad areas.

Below, you’ll see the results of the survey, plus choice comments from survey participants. Not all participants are represented; we gave everyone the option to remain anonymous and to not be quoted. Though Kandji commissioned this survey—and we thank everyone there for doing so—it had no oversight over the survey results or the contents of this story, which was compiled and written by Jason Snell of Six Colors.

Overall scores

report card results

In general, scores were a bit lower for this survey than for our general end-of-year-survey. Apple’s strongest results were in its hardware and its commitment to security and privacy. The company scored worst on software and deployment. The rest of the scores averaged in the low 3’s, which we generally map to a C+/B- in terms of American school grades.

Here’s what Tom Bridge of the Mac Admins Podcast had to say when viewing the final results:

I think a lot of the comments come down to admins’ expectations of Apple being so high on the management front because it has delivered so much on the hardware front. No one makes better kit for our users. No one. And it’s not even close.

So why does it feel like we’re getting a partial solution for enterprise management when Apple says they’re the best for this? The disconnect is really strong there, and as a result the elegance that Apple brings to user experience and hardware is diminished by the gymnastics required to support it.

You can’t look at a hardware marvel like the iPad and the software update system in Big Sur and think they were made by the same company. But they were.

So there’s harsh words for Apple here, but it’s because Apple sets its own bar so high. Some initiatives (hardware, security, Apple Business Manager/Zero Touch) succeed while some founder on the rocks (MDM User Enrollment/Managed AppleID, software update, login window). It’s not wrong, however, to expect more from a company with as much raw talent and applied resources as Apple.

For each category, we’ll also provide charts showing how Apple fared in each category based on the number of devices the respondent supports, and in their reported industry. Average scores were 0.4 lower from those who report managing more than 1000 devices, with the most notable gaps coming in enterprise Programs, macOS Identity Management, and MDM protocol and infrastructure. Panelists in education were more positive about Apple’s Security and Privacy, enterprise Service and Support, Deployment, and MDM protocol and infrastructure, while panelists in large businesses were more positive in the remaining five categories.

Enterprise Programs

Grade: C+ (average score: 3.3)

The more devices a panelist managed, the less likely they were to praise Apple. “Apple does what is best for consumers,” wrote Charles Edge, and that’s the truth—which is good for consumers, but not necessarily for admins. Apple’s management portals appear to be improving, but our respondents seemed frustrated with the pace of change and with Apple’s introduction of new tools that weren’t as full-featured as the ones they were replacing.

Tom Bridge wrote: “Apple’s enterprise Services are a very mixed bag. Apple Business Manager (ABM) is an excellent and fairly mature product that enables some incredible user experiences, but Managed Apple IDs are not a useful product for us at this time, due to the limited feature set, limited utility, and frustrating inability to be synced to any SSO providers except Azure Active Directory.”

Charles Edge wrote: “Apple does what is best for consumers. Every feature developed to enable centralized command and control of Apple products must be done in an extremely deliberate fashion, as those options can be weaponized by bad actors if not developed securely. Device management tools can be amazing root kits in the wrong hands! But I do feel confident that when Apple chooses to provide us with a new option to manage a device, it’s done thoughtfully and securely.”

Peter Donato wrote: “Apple knows there are Macs being used in enterprise environments, so why not create an enterprise management utility to help Mac admins properly deploy and manage their devices versus relying on other vendors to do so on their behalf?”

Armin Briegel wrote: “Apple is making good progress linking its management portals (Apple School Manager [ASM] and Apple Business Manager [ABM]) to identity management systems. But still, even when using managed Apple IDs, organizations have to accept the ‘one-size-fits-all’ iCloud account. The deployment of applications purchased through the ‘Apps and Books’ portal is still very unreliable on macOS. Even when it does work, there is little feedback to the user and back to the management system. App Store rules still keep out many third party applications, so admins need to use scripts, packages and agents for installations and updates.”

Bernardo Prieto wrote: “We only use ABM and it works just fine. Nothing exceptional, nothing exciting, just adding devices to the pre-stage enrollment and that’s it. At some point we wanted to get additional information about the enrolled devices (e.g. model, HW details, etc.) and sadly it is not possible.”

Cameron Kay wrote: “Frankly, Apple hasn’t a clue how enterprise IT works and its requirements. It would help if the enterprise features it advertises actually worked. Some simply haven’t been implemented or tested in the operating system.”

Graham Pugh wrote: “The first fundamental of automated device enrollment is that it should not be avoidable. Apple have failed to provide this on macOS.”

Allister Banks wrote: “When it deprecated Software Update feed management it should have provided half-decent replacements in MDM, but instead were too busy scoring own-goals of bone-headedness that are still broken.”

Bart Reardon wrote: “There have been improvements and it feels like there is some ongoing effort being put into the space. Points for effort, but there is plenty of room to grow.”

Peter Wells wrote: “MDM, DEP and VPP are fantastic tools, but we need a way to push critical updates to Macs without anyone being logged in.”

Jason Broccardo wrote: “The overall programs are fine, it’s the services or delivery mechanisms that are lacking.”

Enterprise Service and Support

Grade: C+ (average score: 3.2)

Apple has several enterprise programs. The AppleSeed for IT program received a lot of praise, and Apple’s documentation seems to be improving—but still not great. Panelists expressed their frustration with the Feedback bug-tracking system, which can feel like a black hole—unless you go through a lengthy series of steps (detailed by Andrew Laurence, below) in order to reach someone who might be able to help. And finally, admins expressed disappointment in the AppleCare for Enterprise programs, which hasn’t changed much in years and many find underwhelming.

Keith Medlin wrote: “Support is slow, hard to understand and inflexible. The change a few years ago to the way certifications were handled is a great example. Apple told everyone who was an AMCT (Apple Macintosh Certified Technician) that it no longer needed annual certifications and went years this way. Then, one day an email came through saying that it was reversing direction and started cutting access for people. No advance warning. That’s horrendous client support.”

Bryan Heinz wrote: “Apple’s documentation in some areas has gotten better, but is still largely lacking. Feedback still feels like a black hole and Apple wants businesses to pay money for them to find and fix its own bugs.”

Bernardo Prieto wrote: “At my workplace we cancelled our enterprise support contract with Apple a couple of years ago and just this March we were invited to try again with a monthly trial to figure out if the support was useful for us. So far the experience has been mediocre, to say the least. Most of the tickets were replied with ‘That’s the intended functionality’ kind of responses and probably only one of them with helpful troubleshooting assistance.”

Cameron Kay wrote: “It would be nice if it actually listened to the bugs we filed and actually fixed them in the seed releases for us test. The engineers at Apple seem to be busy building the next great (but broken) thing than to fix any of the current bugs.”

Armin Briegel wrote: “Apple is making good progress in this area. The Apple Seed for IT beta program shows that Apple is willing to work with the Mac admin community. The new deployment reference guides for various admin related topics are excellent. Even though they can be hard to find. (I made a list of Mac admin related articles and guides from Apple.) Apple has added IT relevant sessions back into WWDC and its speakers appeared at other conferences as well.”

Charles Edge wrote: “The documentation program is probably the star over the past year or two. It’s gotten way better, but will never be complete—that’s the nature of documentation.By and large, the vendors who sell technology that wraps Apple APIs up in pretty GUIs fill most of the documentation gaps.”

John Welch wrote: “Apple still has a severe documentation issue, especially with regard to automation languages and tools.”

James Smith wrote: “At one point, an Apple enterprise support person suggested that I could solve an issue facing my fleet by disabling System Integrity Protection (SIP). Disabling SIP should never be a valid step in trying solving an issue facing enterprise deployments.”

Kate Sprague wrote: “The AppleSeed emails are very difficult to read, with almost no formatting to help communicate events and details. The Ask the Apple Engineer sessions are too scripted to be helpful, spending too much time on generic information and not enough on actual questions for the engineers to answer authentically and usefully.”

Andrew Laurence wrote: “The standard of practice for enterprise support includes: have an AppleCare enterprise agreement; file an enterprise support case; file Feedback using the agreement’s managed Apple ID, including impact data (machine count); include references in both to the other; ask your Apple Systems Engineer to file a Voice Of Customer (VOC) on your behalf; amplify your feedback number on social channels in the hopes that others will file duplicates; email all your Apple friends so they can alert the correct development team. That this is necessary indicates that Apple’s internal communications and priorities are severely broken, blind to enterprise needs, neglectful to the point of malice, or all three. The AppleCare enterprise support engineers are remarkable. They have been unfailingly knowledgable, polite, and engaging. Even when a case goes pear-shaped, I cannot fault the ticket support staff.”

Jason Broccardo wrote: “Apple’s documentation (e.g. Platform Security Guide or the Deployment guide) are useful, and I appreciate having them. AppleSeed is worthwhile but can seem a bit chaotic at times, though it’s conceivable that is the fault of Apple’s OS development and delivery process rather than the AppleSeed program. Just like with the Radar system that preceded it, Feedback Assistant is where comments/issues/bug reports go to die. Apple’s lack of response or inadequate response remains troubling.”

Justin Orr wrote: “Apple is finally almost meeting the bare minimum requirement for support and documentation of the services and workflows it suggests Mac admins use instead of our established tools and workflows.”

Bart Reardon wrote: “On the one hand, AppleSeed beta is great. Documentation of new features has been perfectly sufficient. But it’s let down by the feedback system. Unfortunately, almost every issue I had with macOS 11 was dealt with by filling in a Feedback and then notifying Apple employees directly. Kudos to those people. Their contribution this year has been incalculable.”

Nick Derevjanik wrote: “The AppleSeed beta program has allowed our organization to identify and resolve issues before the official release which opened up essentially zero-day support for new operating systems.”

Tom Bridge wrote: “AppleSeed for IT would be worth a 5 rating on its own, and so would Apple’s massively-improved documentation systems, but there are still problems with Apple not documenting enough of its product offering and often shying away from putting limitations of its products in the documentation. Couple this with occasionally inaccurate documentation (say, for example, the Wi-Fi capabilities of the M1 Macs, which advertise the ability to support enterprise roaming, but do not actually implement the technology in software), and you have a less than perfect rating.”

Hardware Reliability and Innovation

Grade: A- (average score: 4.2)

Apple’s top grade in the survey came in this category. We know the positive reception Macs running Apple silicon have gotten, but keep in mind that our survey participants were asked to support an entirely new chip architecture on macOS. This is a crowd that certainly approached Apple’s transition with some trepidation, but the commentary was generally positive.

Jason Broccardo wrote: “We deployed a few hundred 16-inch Macbook Pros last year to replace first generation TouchBar 2017 MacBook Pros, and thus far the newer hardware has had less quirks than we experienced with the 2017 models in their first two years of service (the keyboard being the biggest culprit). I have a single M1 device, a MacBook Air, that was purchased to test and modify our deployment mechanisms and software, and I have to say I impressed with the hardware. I look forward to being able to deploy M1s as I think our users will appreciate the battery life, performance and keyboard.”

Keith Medlin wrote: “While Apple used to be much better, its devices are now full of faults and regularly fail with components like the screens and trackpads. Batteries are notoriously bad now as well.”

Justin Orr wrote: “Apple silicon is fantastic. Seems reliable enough for a brand new platform, we’ll see how the hardware holds up after being in use for an extended period.”

Jordan Merritt wrote: “Our M1 rollout has been fairly smooth with Rosetta and Jamf logic. They’re fast!”

Bart Reardon wrote: “M1’s have been freaking amazing. I initially held off on letting people order them so we could test all our systems but after a week it was clear the issues were very minor.”

Armin Briegel wrote: “Apple is at the top of its game regarding hardware right now. The M1 Macs are not only excellent Macs in their own right, but hold promise for even better things to come in the future. So far, Apple has replaced the entry or consumer level Macs. While these have a place for some enterprise deployments, many ‘Pro’ users (and thus the enterprise) organizations are waiting for more powerful Macs with more RAM, connections and support for multiple displays. Apple is doing the right thing here (so far) by keeping Intel models available for enterprises that are not yet ready to make the leap to Apple silicon. There are some downsides for Apple silicon Macs in enterprises, like the convoluted management of kernel and system extensions and software updates. Apple has also rendered remote locking inefficient for organizations (admin users with physical access can easily bypass it) but I consider these software problems that can be fixed.”

Tom Bridge wrote: “Apple has had a superlative last 12 months. The M1-based Mac computers are best-in-breed machines in a way Apple hasn’t had one since the introduction of the butterfly-switch keyboards. Couple incredible power with incredible battery life and you have a hardware reliability and innovation story that could convince even the most hardened Windows partisan into being an Apple platform enthusiast.”

Andrew Laurence wrote: “Apple’s recent hardware has been excellent. It’s particularly nice to see Apple returning to user-practical design and features: functional keyboards, the new Apple TV remote, the overall excellence of M1 hardware, and the rumored upcoming ‘more ports’ MacBook Pro are just ready examples. It seems that the pig of minimalist purity is finally leaving the snake.”

Patrick Wardle wrote: “Apple silicon is a game changer… both from a usability and a security point of view. Being able to control essentially the entire hardware and software stack, Cupertino is able to create products that work seamlessly and are miles ahead of the competition.”

Charles Edge wrote: “The M1 devices scream, showing Apple continues to innovate not only on the Mac but now the iPad. And the number of computers we have to take out of service due to hardware issues is practically negligible. Oh, and I haven’t had to return a developer device that I bricked while testing some weird new thing in almost two years!”

Cameron Kay wrote: “The Apple silicon hardware is very fast but the management of them is even more difficult than the Intel Macs.”

Timothy Hellum wrote: “Apple has lost much confidence over the past year with the re-introduction of proper keyboards after the butterfly fiasco, killing off Apple displays, ignoring the enterprise space.”

Dave Fisher wrote: “M1 is an exciting evolution in computing. However, I primarily use virtual machines to test and support my clients and the status of these is uncertain with M1 at this time. Additionally, the majority of users I support are developers and use a combination of Virtual Machines and Containers to perform their role… at this time M1 devices do not support the software functions they need to do their work.”

Allister Banks wrote: “16-inch intel MBP’s have charging and battery issues. The dedicated graphics issue with Chromium apps being an open bug for over a year is similarly atrocious.”

Software Reliability and Innovation

Grade: C- (average score: 2.9)

Perception of Apple’s hardware may be riding high, but things are rough on the software side. As Mac users, reaction to Big Sur was all over the map, but as administrators, it was mostly negative. There were lots of complaints about a nearly year-long cycle of Apple shipping buggy initial releases that were gradually patched until they become stable—just in time for the cycle to start over again. Apple’s changes to macOS extensions have added complexity and frustration. Apple’s software-update tools generated quite a lot of strong negative commentary. Also interesting to note: smaller sites gave Apple more credit in this category than larger ones.

Peter Donato wrote: “The transition from kernel extensions to system extensions is an utter nightmare for Mac admins and vendors alike. Aligning the transition to occur at the same time as a major OS release as well as the Intel to ARM processor transition is a terrible schedule.”

Bryan Heinz wrote: “While Rosetta 2 is magic, Big Sur is full of bugs and poor design decisions. Please fix notifications and your Bluetooth stack!”

Timothy Hellum wrote: “Big Sur was clearly released far too early. We are only now (May 2021) working out how to make it deployable with our other enterprise security components.”

Armin Briegel wrote: “I enjoy using Big Sur as a user and recommend my friends and family to upgrade to get the latest features and security patches. But from a Mac admin perspective, Big Sur is a huge failure. At WWDC last year Apple claimed that the software update process would be improved for faster updates. Instead we keep getting multiple Gigabyte sized updates for Safari patches which take 20-30 minutes on a fast Mac, while the equivalent updates on Catalina are a few dozen megabytes and often don’t even require a reboot. Apple has rendered the Software Update process basically unmanageable through a management system, which is a big issue for management and security. In addition, the processes that Apple introduced to allow for the deployment and installation of legacy Kernel Extensions and the new System Extensions are convoluted, complicated and incomplete. For example, there is still no means to uninstall a system extension using a script, management system or MDM command. Apple manages the MacBooks of its employees only lightly, and that’s not an option for every organization. Nevertheless, Apple’s enterprise features are absolutely blind to approaches diverging from its ‘light touch’ ideal.”

Marcus Rowell wrote: “30 minutes to install minor macOS updates. This is a serious hurdle in getting users to stay up to date.”

Bernardo Prieto wrote: “macOS Big Sur has been a very interesting leap forward, but full of complexities and rough edges. I’m all in for the changes related to security, but I feel that Apple frequently forgets that there’s a user base of enterprise customers that need to perform tasks in a massive and efficient way. Imaging is death, yes, but the alternatives are a moving target and with each minor version of Big Sur there are new things to learn, fix and adjust in order to have a streamlined deployment process.”

Jason Broccardo wrote: “I sometimes feel like I am one of the few people who likes Big Sur more than Catalina, but despite preferring it I can’t escape how disappointed I am in aspects of the new OS that were supposed to be better — Software Update, System Extensions and the UI. The UI is the least problematic of these three, but I must say I am aghast that as of 11.3 Apple is still shipping to customers a UI lacking expected fit and polish. The behavior of system extensions confounds me. For a mechanism that is supposed to be removed from the system, why force users to restart? Why is approval, set via config profile, not always respected? How can updates to the OS ‘forget’ past approvals? I appreciate Apple’s efforts to make the OS more stable and safer by getting third parties out of the kernel, but feedback from various vendors gives me the impression that Apple has not provided them the tools and support they need to succeed with Apple’s changes, even if they are putting in the effort. Software Update is horribly broken, and I have to keep explaining this to my company’s security team and management when discussions of OS patching comes up. Apple broke the ability to reliably use softwareupdate from the CLI or via script to mass automate the process and attempting to use MDM ‘Download and Install Updates’ commands still either fail or result in unacceptable behavior (randomly restarts with no warning to the user, fails to properly install expected updates). I just want to be able to manage software update for my fleet with a high amount of certainty and reliability. Let me be able to tell 700+ Macs all at once to update and have them able to do it properly. Or be able to push an update command to 300+ iPads mounted in conference rooms and not have it be a crapshoot.”

Andrew Laurence wrote: “Apple’s modus operandi is to ship both hardware and software with management functions that are incomplete, barely functional, or entirely absent. We are used to the first three-to-six months of each OS to be strife, instability, and incomplete management function. Enterprise vendors are likewise accustomed to this and often do not begin developing updates until after Apple’s public releases. Thus, enterprise customers must contend with users who want the new shiny while the same products cannot meet the business’s requirements. This state continues for weeks or months while IT crews file feedback, communicate as widely as possible, try to hold off the hordes, and hope that updates put things right.”

Graham Pugh wrote: “iOS remains solid. macOS is getting messier. Upgrading in the enterprise is far too difficult.”

Patrick Wardle wrote: “Apple continues to struggle with the consistency of updates, and often pushes out updates that leave us scratching our heads. A quick example: The Network Extension Framework (that was pushed upon devs as Network Kernel Extensions were deprecated), is riddled with bugs and issues such as kernel panics and conflicts. Moreover, there are some clear missteps, such as deciding to exempt certain network traffic from the Network Extension Framework which could be abused by malware to bypass 3rd-party firewalls. However, all is not bad. Rosetta 2 is an innovative and magical piece of technology and is/ will assure the wide-spread adoption of M1 systems!”

Jason Harrison wrote: “Real-world issues surround Apple’s move towards forcing updates after 90 days & issues with remote management of Apple software updates. Forcing MDM use does not always fit a given environment for various reasons, so Apple really needs to rethink the direction on this one key topic. Don’t make it more restrictive and conditional to remotely manage software updates for remote admins – make it better / easier. Right now, it feels like Apple took a step in the wrong direction.”

Allister Banks wrote: “Continued poor manageability of System Extensions (I still get prompts to approve Apple’s extensions every update?!), and zero optimizations for universal apps causing everyone to ‘wait and see’ on adoption while relying on Rosetta indefinitely. Vendors are releasing forks for each platform instead of universal because that was the only Rosetta blind spot – Apple silicon-specific binaries have no size reduction. All in all, Big Sur and the arm64 release were not bad, though.”

Kevin M. White wrote: “As an OS Big Sur seems more reliable than Catalina. However, security changes in Big Sur and Apple silicon are a real problem for enterprises that rely on legacy enterprise tools (AV, VPN clients, etc.).”

Bart Reardon wrote: “iOS always tends to be pretty solid out of the gate. Feels like every year though we are starting with a buggy macOS that only settles in around April. In June we get a new macOS beta to test and verify which means every year we get maybe three months at best of not dealing with a super buggy OS. Most of the issues stem from trying to shoehorn whatever new restrictions Apple has put in to the OS into existing environments. Apple needs to understand that enterprise doesn’t move that fast and in many cases, can’t move that fast. A tick-tock cadence would be super helpful here.”

James Smith wrote: “Apple really needs to work on Software Update and providing reliable methods for updating a large fleet of devices without having to resort to third-party tools.”

Justin Orr wrote: “Software QA continues to be a nightmare. Each new release breaks things that should never have made it past the alpha stage. Apple has clearly embraced a ‘move fast and break things’ approach that is not in line with the quality and reliability Apple had been known for in the past.”

Tom Bridge wrote: “Big Sur is an improvement over Catalina, but Apple’s inability to drag EDR and other Security and Network vendors into using the new System and Network Extension technologies has hindered rollout.”

Security and Privacy

Grade: A- (average score: 4.1)

This was, unsurprisingly, Apple’s other top-scoring category in our survey. Apple’s focus on user privacy was applauded. Issues with software updates reappeared, because if there’s a security problem with an urgent fix required, that requires a software update. And the sheer number of vulnerabilities that Apple had to address in the past year made many of our panelists uncomfortable.

Bryan Heinz wrote: “Apple continues to not fully embrace security researchers, which hinders its platforms’ security.”

Bart Reardon wrote: “Apple has built a lot of trust in its handling of privacy and it is evident in its software. Often I get requests to recover or unlock something or whatever and a lot of the time the answer is, ‘I can’t. Apple can’t. Congratulations on your new brick.’ While inconvenient and at some times annoying, it does show the protections that are built in to protect users data and privacy.”

Armin Briegel wrote: “Apple has to get huge credit for the excellent documentation, not only with Platform Security Guide, but several support articles that document relevant topics like firewall settings that have been updated frequently. But the catastrophe that is the software update mechanism actually makes it harder, if not impossible for organizations to keep their macOS clients up to date. Remote Locking on Apple silicon hardware still allows a user to erase and re-use the device. In addition: many of the security settings recommended in the popular CIS and NIST benchmarks cannot be managed through the MDM protocol. They require custom scripting from admins. It would be nice if Apple made these common controls more manageable.”

Andrew Laurence wrote: “Apple’s approach to user privacy gets top marks, even to a fault. The requirements for the user’s approval of Camera, Microphone, and Screen Recording are to be applauded. The fact that enterprise IT cannot pre-approve the company’s remote support toolset creates an unresolvable tension. This pain point was particularly acute during the pandemic’s remote work. Apple’s disclosures are minimal to the point of malice. That Apple did not disclose the malware exploit of 128 Million iPhones is unconscionable.”

Dave Fisher wrote: “Apples stance on Privacy is to be applauded. However, it feels like recently there have been a number of exploits in the wild that require urgent updates. Given the issues with updating devices in an enterprise environment, this is very unwelcome.”

James Smith wrote: “I have been impressed with how quickly a lot of vulnerabilities have been patched on macOS, but it would be great if these had not been there in the first place.”

Graham Pugh wrote: “I would like to see more assertiveness from Apple against third-party security products that provide no additional security.”

Kevin M. White wrote: “New security features are generally great ideas. However, the implementation and management for many of the new security features are often poorly implemented in the MDM frameworks.”

Charles Edge wrote: “The primary challenge in the Apple ecosystem is now finding harmony where security (which begins with telemetry) and privacy (which is about the choice of what information to provide access to) meet. Organizations with vigilant security postures need to know more about what is happening on devices. We can accept the spin that we need to trust our users and they’ll do great things, but that doesn’t scale in large organizations with personally identifiable information like social security numbers, financial information, medical information, etc. This isn’t an Apple thing as much as a defining characteristic of this wave of ubiquitous technology.”

Cameron Kay wrote: “The privacy thing is a real pain in the enterprise. We can’t automatically enable our screen sharing software to provide remote assistance to our users and they have to jump through so many hoops to get things working.”

Patrick Wardle wrote: “While Apple shines in the arena of privacy (arguably more than any other vendor), in terms of security the reality is, it clearly struggles. There are countless examples, but one clearly illustrative example is CVE-2021-30657. This bug was incredibly shallow (stumbled upon by a security research via a legitimate developer tool), incredibly powerful, and used as a zero-day by malware authors.”

Tom Bridge wrote: “While Apple’s insistence on Privacy as a Human Right and Security as a top-level feature come with administrative overhead that can, at times, drive an administrator to distraction, the protection and comfort this provides our end user continues to be worth the tradeoff.”


Grade: C- (average score: 2.8)

Ouch. This was the lowest average score on the entire survey. Kind words for Automated Device Enrollment were tempered with many, many, many frustrations with a broken software update system.

Bryan Heinz wrote: “Big Sur has had loads of Software Update bugs. It’s been a real dumpster fire and it’s still slow and the updates are bloated. Delta updates are 3GB+ and it’s taking ~20 minutes post-reboot to install. For comparison, Debian Linux installs everything live and reboots to the new kernel in 30 seconds.”

John Welch wrote: “Deployment at the OS level is a solved problem. At this point, it’s which tool do you like the most.”

Peter Wells wrote: “I need to mark Apple down because of the changes to upgrades. I have over 1000 Macs in shared environments—it makes no sense to get someone to manually upgrade them via System Prefs.”

Graham Pugh wrote: “Apple has a fundamental lack of understanding of how difficult it is to enforce upgrades and updates on the Mac platform.”

Bart Reardon wrote: “Automated Device Enrollment is generally pretty good, and while it continues to mature, the process is let down by the built-in commands to push updates to macOS 11 devices being lackluster at best and requires use of other tools or workflows to get the job done. Good, but plenty of room for improvement.”

Armin Briegel wrote: “Automated Device Enrollment got a long awaited new feature in Big Sur: Auto-Advance, which finally allows for ‘real’ zero-touch deployment of Macs. This is especially important for lab/classroom style deployments. In addition, Apple has started provided full installer downloads. This is a huge improvement, as it allows admins to test the deployment workflows during the beta phase. Even so, tools like startosinstall, which admins use to automate upgrades and re-installations of macOS, were basically broken until 11.2. On Apple silicon, Apple requires user authorization even for scripted workflows, which makes them unsuited for some deployments. While Apple has made great improvements to some documentation, these features remain shamefully under-documented.”

Bernardo Prieto wrote: “With the argument of security and privacy of the users, Apple has made it terribly difficult to deploy devices in an enterprise-like streamlined way. Yes, DEP (ABM) is there and it works really well (even from home), but it doesn’t cover all the use cases and we are pushed to create special procedures here and there. Additionally, ABM doesn’t offer an automated way to pre-deploy the devices (massively) in order to deliver them fully prepared. This really hinders our onboarding process forcing us to welcome the users and them taking them to a desk just to go through the first few screens while connected to the network.”

Jordan Merritt wrote: “Apple School Manager integration with Jamf has been great! The School manager UI could use some more verbose details but overall it’s pretty good and has worked well for us without any issues.”

Tom Bridge wrote: “Apple has completely broken OS Upgrades, and Software updates. App deployment has to be handled through third-party solutions. Automated Device Enrollment is great, but Apple has a lot of work to do here to make this category not hated by its admins.”

Kevin M. White wrote: “Automated Device Enrollment is truly transformative for many organizations. However, mechanisms and workflows to update both the OS and apps aren’t getting better, and in some cases are even worse than before.”

Allister Banks wrote: “DEP-based deployment fails over 30% of the time in the real world, and Apple introduced auto-advance, which requires a controlled environment which none of us have.”

Jason Broccardo wrote: “We still use a ‘white glove’ setup with IT staff preparing Macs in advance for users because we can not rely on the Automated Device Enrollment process to work 90% of the time let alone 100% of the time. As an example, this issue hit us when we tried deploying MacBook Airs last summer. I would love to have enough faith in Apple’s services to drop ship laptops to users, have them turn them on and then follow a few instructions to provision its laptops, but I can’t trust a system that 60 percent of the time works every time.”

Anthony Reimer wrote: “Deployment hasn’t kept up with security implementations. Without a supportive Mac admins community, most organizations would be hooped.”

Nick Derevjanik wrote: “Apple is making the OS update process almost impossible for enterprise administrators. As soon as I think I have an update process that works reliably, something changes and the process breaks. The fact that the built-in OS update payload available through Jamf pro is being deprecated is putting us in a very difficult situation. Triggering a remote command through the API is not a viable option when you cannot control a major vs minor update, especially in an enterprise environment where we may have some teams that use software and tools that may not yet be supported in the latest iteration of the operating system.”

Andrew Laurence wrote: “Apple’s concepts of customers’ needs for deploying and managing updates and upgrades are farcical. Despite the urgency of security updates, customers have scores of applications and processes that require vetting before updates can be released. Other vendors’ products are often critical path bottlenecks to deploying new OSes or updates; these change control constraints are not subject to Apple’s whims.”

Tom Case wrote: “Removing custom software update catalogs is an absolute nightmare, and is woefully unsuitable for an enterprise education environment where we have to have strict testing and deployment policies. Not being able to manage these in macOS 11+ is unacceptable.”

Keith Medlin wrote: “Still worst-in-class management only provided by third parties, and even then the vendors complain about Apple’s poor communication and decision making. There is only room for growth at this point.”

Peter Donato wrote: “The transition from kernel extensions to system extensions is an utter nightmare for Mac admins and vendors alike. Aligning the transition to occur at the same time as a major OS release as well as the Intel to ARM processor transition is a terrible schedule.”

Justin Orr wrote: “OS Upgrades are the one place where Apple has taken a huge step back here by not allowing admins to hide OS upgrades. App deployment through MDM with the App Store as a source continues to be unreliable.”

Andrew Robinson wrote: “DEP is mainly my focus, and it’s a hit-and-miss proposition, but with no competition that comes close. However, that gap is closing.”

Dave Fisher wrote: “Software updates continue to be problematic with Apple devices and the move to M1 does not show signs of improvement. Access to reliable and controllable software updates is key for an enterprise admin and needs much more focus.”

James Smith wrote: “Automated Device Enrollment is great, but needs to be available in all countries worldwide.”

Stephen Short wrote: “Automated Device Enrollment is helpful and slick—when it works. The root cause of unreliable device enrollments is that it’s too easy for a user to bypass the Remote Management pane in Setup Assistant. Sometimes there’s a network issue on the end user’s side, or Apple is having server-side issues (even though the Apple Status page may show green for DEP). Sometimes a knowledgeable user may purposely not connect to wifi in Setup Assistant, thereby bypassing a standard corporate setup. iOS and iPadOS devices will not allow a user to reach the Home Screen when they are associated with an org’s automated enrollment unless valid credentials are entered by the user. And most importantly, the user must connect to the internet to authenticate. macOS simply needs to mimic that functionality, and the issue would be resolved. For orgs that don’t like that? Allow an org to not require an internet connection to setup managed macOS devices. But it should never be the default behavior.”

Cameron Kay wrote: “Automated device enrollment is good. I wish Apple had an enterprise data migration tool for moving a user’s data from their old Mac to their new one. Migration Assistant is a joke and breaks MDM enrollment.”

macOS Identity Management

Grade: C+ (average score: 3.3)

This was a category where large sites and education rated Apple notably lower than smaller sites and business customers did. That’s because enterprise authentication and authorization has been moving toward federated identity providers for a long time, and Apple was slow to add SAML or Oauth support. And yet what each customer wants seems to be different. Apple earned praise for supporting Azure federation, but many panelists cited a broad inconsistency in the availability of different sign-on systems. That caused frustration for the need to use third-party software like Jamf Connect as marks against Apple’s approach to macOS login management. In general, customers are moving away from legacy authentication systems in droves and aren’t sure that Apple has a solid story around what the future will hold.

Jordan Merritt wrote: “We’re looking into Jamf Connect now. Currently using Apple Enterprise Connect for password syncing, but I feel like Apple wasn’t ever fully behind deep development and maintenance of the product.”

Bart Reardon wrote: “This was the year I switched from using AD bind to using the Kerberos SSO Extension for identity management. So far, following the documentation Apple provided, it has been a big improvement—especially with a lot of people being off-premises and not connected to AD. I have heard many people have issue with this, but for our environment it’s been excellent.”

Kevin M. White wrote: “Azure federation for Apple ID is a good start, but more IDPs are needed. However, a huge missing feature is modern macOS login management. Thus necessitating third-party software like Jamf Connect to provide this functionality.”

John Wetter wrote: “Azure federation was a needed move, simpler SSO and crossing to web services is needed.”

Armin Briegel wrote: “Apple is showing some progress in these areas, but so far they are a bit underwhelming. For all but the simplest integration, the third-party and open-source tools available are still superior. Some blame may be on the third-party vendors (such as Microsoft) for not supporting these technologies yet. I am looking forward to WWDC to see which improvements macOS 12 will bring.”

Cameron Kay wrote: “Apple needs to integrate Azure AD into the Open Directory system and enable users to login as their Azure AD username & password from the login window on the Mac like the have with on-premises AD.”

Bernardo Prieto wrote: “The Single Sign On extension has been a game changer for us and we feel we can finally forget of AD binding and other issues that cam from it. I feel it still has some possible improvements, particularly adding more options for the GUI and integration to in-house developed applications.”

Keith Medlin wrote: “Everything is a promise right now and we’ll see how it implements. The whole iCloud account management is a joke that only burns people. Waiting 14 days on what’s clearly an enterprise device so Apple can use the same consumer-grade tool with enterprise customers is flat out stupid.”

Andrew Laurence wrote: “Apple’s efforts on identity management are frustratingly finite and incongruous. The Kerberos SSO plugin remains work in progress and does not functionally replace its progenitor, Enterprise Connect. While the native Mail/Calendar clients support OAuth, macOS accounts can only reach federated identity providers with the help of third parties. Apple School Manager federates with Azure AD, but not other providers. Last, Apple discourages the binding of Macs to Active Directory, but binding is required for macOS to use DFS file share paths.”

Allister Banks wrote: “You have to pay Jamf for an actual SSO solution (no matter how crappy its actual primary MDM service is to access as an admin). Apple makes this insecure by only supporting the most Microsoft of Microsoft setups that barely anyone actually leverages in the environments in which Macs get used.”

Tom Bridge wrote: “This is a place where the only thing going for Apple is its implementation of modern authentication during Automated Device Enrollment, but that isn’t enough to push the needle upwards above a really failing grade.”

Marcus Rowell wrote: “macOS Identity Management holds promise but is half baked. Put some resources into getting the basics like Azure AD and G-Suite auth working.”

Graham Pugh wrote: “Let users set up their account with a managed Apple ID in the same way they can with a personal one.”

Stephen Short wrote: “An org should not have to rely on third-party software or its MDM vendor to generate a new user account during device enrollment. Apple Business/School Manager’s SCIM provisioning with Azure AD is a start, but what about other IdPs like Okta?”

Charles Edge wrote: “The SSO extension and Single Sign-on framework are great early-cycle APIs to build on. SAML, OIDC, and emerging options mean this whole industry still feels in flux. I love that Apple is actively working with IdPs and releasing its own options for consumer use. I also feel like based on what it has made available thus far that the documentation is sufficient and we can reliably code against it.”

Mobile Device Management protocol and infrastructure

Grade: C+ (average score: 3.2)

The average score doesn’t reveal the polarization of the opinions about MDM. Some panelists had strong praise, while others feel it just doesn’t deliver. There’s a general sentiment that Apple’s tools are improving, but not fast enough—requiring a lot of extra work.

Bernardo Prieto wrote: “It just works—until it doesn’t. I think that the MDM has been incrementally improving in several ways. However, it still lacks two things: The ability to send MDM commands from a CLI or scripts, and a log or some other troubleshooting mechanism that helps admins understand what can be making a command fail when that happens, because it requires a lot of guesswork.”

Charles Edge wrote: “Since Apple released MDM in 2010 we’ve struggled with the reliability of various services. The ecosystem partners put a lot of effort into logic to obfuscate scenarios where endpoints aren’t accessible – but anyone who’s had to set up thousands of devices for schools or field calls from users who we sent a device to for zero touch enrollment on a day when a service isn’t available knows how challenging these services can be. When we could set devices up in a walled garden with monolithic imaging workflows we didn’t need those services. But now we have to rely on the MDM-provided software update options and so need more mature tooling to ensure devices stay up-to-date and in a known state that matches our security posture.”

Jordan Merritt wrote: “Definitely happy with the state of our Mac and Apple device management, but I would like to see Apple have more frequent and more verbose communication about any MDM related information. It focuses heavily on developers, and the more accessible information and documentation is geared towards that.”

Kevin M. White wrote: “Features in the various OSes advance much more quickly than Apple adds equivalent features to MDM. This is easily the biggest failing in Apple’s enterprise game. Also the near-zero lack of MDM management for built-in applications like Safari is still a significant omission.”

Armin Briegel wrote: “Configuration profiles, which generally work well on macOS to control settings, cannot be used for many settings and administrators have to fall back to custom scripting. Since the MDM protocol relies on the Mac App Store for application deployment, all the downsides of the Mac App Store and its exclusive rules also drag it down. It is unclear what the acquisition of Fleetsmith means for Apple and the future of MDM, but this could be interesting.”

Dave Fisher wrote: “In my opinion MDM functionality should be a ‘set and forget’ technology. The fact that MDM profiles are able to be overridden by local users (even if they are admins) is not understood or accepted by the clients I work with. We are currently having to extend a client’s MDM using custom scripts to check and reset configuration that is supposedly controlled by MDM profiles. This isn’t acceptable to my end clients.”

Timothy Hellum wrote: “We rely heavily on DEP to leverage machine starts with our MDM. Other than that, I see no evidence of MDM within Apple frameworks at all – Configurator notwithstanding because it’s so under-featured as to be useless.”

Cameron Kay wrote: “Flaky and incomplete.”

Justin Orr wrote: “MDM commands are slow to take effect at best and completely unreliable at worst.”

Peter Donato wrote: “The processes are getting more mature, but why not create an enterprise management utility to help Mac admins properly deploy and manage their devices versus relying on other vendors (ie. JAMF, Workspace One and even InTune!) to do so on their behalf?”

Keith Medlin wrote: “I’d love to know what Apple thinks has improved! The level of enterprise control over Apple devices compared to peer OS including mature Linux distributions and Windows is outrageously behind the curve.”

Andrew Robinson wrote: “Despite some obvious missteps, Apple still leads in MDM (I mean, it invented the damn thing) but again, that gap is closing.”

Nick Derevjanik wrote: “MDM commands have definitely improved but there is still room for more improvement. They can be unreliable at times.”

Tom Bridge wrote: “MDM enables some cool features, like FileVault 2 Key Escrow, and the deployment of custom admin-created packages through MDM. However the lack of idempotency in the MDM configuration makes it management via UDP, instead of proper management via defined state. Apple badly needs an enhancement for the MDM policy to provide for updateable policies, periodic checks to ensure the device is in spec with the MDM service, and more.”

Viktor Glemme wrote: “Still missing so many things. It’s hard to manage end user devices with some settings not able to be controlled by MDM or non-admins of machines, leaving you to allow users to be admins because there is no better way.”

John Wetter wrote: “Not nearly enough is changing. No known state, commands still fail for unknown reasons, it’s all just too fragile.”

Jason Broccardo wrote: “This is also the one area where I think this is more the vendors than Apple that need to deliver.”

Bryan Heinz wrote: “MDM is still unreliable and full of bugs which can be summed up by having a profile that inexplicably will not install on just 3 M1 Macs with a generic and non-helpful error returned that isn’t documented anywhere.”

Peter Wells wrote: “MDM is very reliable.”

Graham Pugh wrote: “MDM is still too unreliable and too much of a black box.”

Stephen Short wrote: “Apple requires a user to authenticate on macOS devices with Apple silicon to proceed with a macOS software update. Orgs used to rely on the softwareupdate command to force compliance, and now must rely on increased user communication and 3rd party solutions like revoking device trust as a consequence of a user not updating. Recent Apple documentation seems to steer admins to use the MDM commands for software updates, however even with macOS 11.3 it is unreliable at best, and a waste of limited admin resources and time at worst.”

Bart Reardon wrote: “If there was one thing I could request it would be to allow for re-enroll of MDM profile that has been set to be un-deletable. For whatever reason this is impossible to do and we have numerous devices whose MDM profile is no longer valid for whatever reason and as a result the only recourse is to wipe them, which is an overly drastic action, in my opinion. In the interim I have to set my MDM profile to be deletable which obviously opens up the possibility that users can remove managed devices from MDM. Other than that, it’s pretty good.”

Andrew Laurence wrote: “If the protocol works, and is adequately supported by one’s MDM vendor of choice, things tend to work well. However, any vendor’s claims of ‘day zero’ support is, at best, artful deceit. The lack of a worthwhile first-party MDM solution is stunningly neglectful.”

The Future of Apple in the enterprise

Grade: B- (average score: 3.4)

Big picture time. Panelists were asked how confident they felt about the future of Apple in the enterprise in the next one to five years and how the company’s decisions will help IT administrators in the enterprise manage Apple devices. If this is a proxy for the optimism of the panel, we’d say that they are optimistic—but guardedly so. Smaller sites were a bit more optimistic than larger ones, and panelists in business were more optimistic than those in education.

Keith Medlin wrote: “I think we’ll continue to see Apple get lower market share in the future. Its overpriced devices no longer offer the same total cost of ownership they did a decade ago. Its innovation has stagnated to the point of irrelevance. The tight integration with its device ecosystem is great, but without world-class enterprise management tools, why bother?”

Dave Fisher wrote: “A lot of the folks I support are developers who use virtualization and containerization during their day to day tasks. The lack of Intel compatibility will be an issue for some of these who support legacy systems or who develop specifically for Intel environments. I see some of these users moving from Mac to Linux to retain this capability. Current hardware is obviously a bridgehead, so will be good to see the specs of the ‘real’ Pro hardware that’s been in development. No one I work with is rushing to buy a current M1 Mac.”

Bryan Heinz wrote: “Apple’s decisions over the last five-ish years have done nothing but hurt enterprise support. Its lack of documentation and testing in the enterprise is painful for us. Lucky for Apple that people still enjoy its devices enough for us to put up with it.”

John Welch wrote: “I think by almost any metric, Apple does a better job for the enterprise. Its design philosophy continues to pay off in ways Windows et al can’t come close to.”

Peter Donato wrote: “People (like me) love macOS, so we’ll always find a way to include in within the organization, even if it does mean struggling to compensate for the lack of enterprise tools needed to manage the devices easily.”

Armin Briegel wrote: “I believe Apple builds the best consumer electronics right now. Because of this, there is much demand in education and businesses for iPhones, iPads, and Macs. Success stories like Jamf, IBM and SAP have created huge interest, opening doors for Macs in areas where they had not been considered traditionally. This momentum is Apple’s to squander. If it is not willing to support anything but the ‘light touch’ deployment and management strategy, this opportunity will be missed. There are already deployment models that require an unreasonable effort or are outright impossible with Macs, such as shared-use classrooms, or air-gapped computers. When Apple designed the new Mac Pro, it hired a team of pro users to understand their workflow requirements. Apple needs a similar effort to understand the workflows and requirements of Mac admins and their businesses.”

Andrew Laurence wrote: “Business customers prize stability of procurement and processes, and the ability to wed product capability with business requirements. Apple’s effectiveness in the enterprise is constrained by its penchant for secrecy and lack of priority for the purchasing customer who is not the end user. I fear that, so long as Apple’s management and developer teams are not themselves MDM-managed and restricted, and do not use their Macs as standard (non-admin) users, enterprise use cases will not be prioritized.”

Cameron Kay wrote: “Apple only provides lip service to the enterprise.”

Stephen Short wrote: “Things are slowly improving, but there is so much more that can be done to both save admins’ time, and provide an excellent end user experience. Great example: erasing a Mac and reinstalling macOS. It would be great to have a default config stored in another APFS container to speed the reset process to an org’s desired default state. Less time to wait for X version of macOS to download, almost like a content cache. Another pain point: allow devices in automated enrollment to enforce a minimum OS version. Sometimes a Mac shipped directly to an employee has the previous version of macOS, or a version known to cause issues during the initial config due to a bug of some sort. If a Mac ships with macOS 10.15.7, allow IT to set a minimum OS of 11.3.1 to download and install before the user reaches the desktop. Also: the MDM device lock command only works on Intel, and does not work on Apple silicon devices. A user could easily boot to Recovery without the need to enter a lock PIN and wipe the Mac.”

Tom Bridge wrote: “Over the last few years, Apple has both moved the ball forward with key hardware metrics around service and support, and fumbled easy wins with software updates and the migration to System and Network Extensions. There are so many places where working with the MDM protocol and with User Identity could be substantially better, and where making those improvements will enable IT departments to say ‘Yes!’ more easily to increasing the size of their Mac and iOS fleets. The current status of BYOD enrollments for iOS is a non-starter with many organizations due to the reliance on Azure AD for Managed Apple IDs, to the detriment of Apple. Apple has incredible hardware, and a privacy and security story that is best-in-industry—it just needs to bring to bear those same talents on making MDM, Software Update, Patch Management and Identity. Right now, it feels like these are afterthoughts, and admins have to do all the innovation and hard work to make Apple successful in the enterprise, while not providing admins better tooling to make their lives easier.”

Allister Banks wrote: “The enterprise’s money is still green, but considering Apple removed all direct large business sales in 2020, it will most likely not improve (and can’t get much worse). Certain enterprise teams at Apple are the tenuous thread to sensibility (if you know someone who knows someone).”

Kevin M. White wrote: “Apple’s extreme privacy focus and the long-term transition to Apple silicon for macOS will result in a much better platform for enterprise, but at the cost of breaking many legacy enterprise practices. In the short-term, this transition will be a pain for many enterprise professionals.”

Jordan Merritt wrote: “Absolutely confident that Apple is invested in the enterprise space, especially education and higher ed. I do hope that with big players like Jamf it will continue to grow in the MDM and enterprise space and release things even quicker for us, along with the nice-to-haves it releases.”

Graham Pugh wrote: “It’s not easy to manage Mac, but Apple is too popular to consumers to fail in the enterprise. iOS is easier, and I’m hopeful that macOS will catch up eventually.”

Anthony Reimer wrote: “I’m confident in the future of Apple devices in the enterprise. I have confidence in the people they have hired from the Mac admins community. I am not confident that Apple’s decisions will help system administrators.”

Bart Reardon wrote: “While I think there will always be Apple devices in enterprise, when specifically talking about the macOS space I get the distinct impression that Apple is putting in effort, and individuals within Apple understand specific issues (not just our business contacts and account managers but also engineers that at times reach out, likely without official permission I’m guessing), Apple as a company is struggling to understand what supporting enterprise actually means. A lot of the issues we bump up against seem to come from the perspective, ‘Why would you do it that way? Do it our way.’ Apple sometimes misses the fact that not everyone can just change processes or infrastructure on a whim to support whatever Apple wants to do. It’s getting better, though, and at the very least it seems that this is an area Apple is wanting to improve.”

Andrew Robinson wrote: “In general, I’m more optimistic than in the past, as Apple seems to be more enterprise focused than ever before.”

Justin Orr wrote: “Though Apple continues to talk up enterprise support and management solutions, its actions show that it clearly either does not care about or simply does not understand the needs of organizations supporting fleets of company-owned devices.”

Peter Wells wrote: “Right now it’s one step forward, two steps back.”

Nick Derevjanik wrote: “I am concerned that Apple is going to make managing devices in the enterprise more and more difficult in the next few years. I understand wanting to protect users privacy and allow them to self manage as much as possible but that is not always desirable in the enterprise.”

Timothy Hellum wrote: “I highly suspect Apple will completely abandon the enterprise space within the next couple of years or so.”

Bernardo Prieto wrote: “I’d love to be sure it has a positive future with the enterprise users front and center, but every change I see seems to go on the opposite direction. As an example, as an enterprise user with a dozen of Mac Minis in a data center, I am really missing a mechanism to have unattended OS upgrades; until some weeks ago, at least we had some tools to achieve that through the softwareupdate command, but that was removed and on the M1 it’s documented that it is not possible at all… which means going to the data center and sit in front of those minis, one by one triggering the upgrade, and spending a day of my time doing that menial task.”

Charles Edge wrote: “I remain bullish on the Apple brand increasing and getting better tooling in organizations. We’ve seen an explosion in the ecosystem of vendors who support Apple’s presence and when it’s able to do so securely, we see new APIs from Apple to enable ecosystem partners in a thoughtful manner. Apple is far more deliberate about what features are made available to management and deployment technologies. As engineers and architects we can get frustrated by the latency that comes with managing Apple’s rapid release of innovations. However, the deep level of consideration involved keeps the whole safer, from the consumer to the enterprise.”


Thanks to Kandji for commissioning the survey, and to Tom Bridge and Charles Edge of the Mac Admins Podcast for their help in analyzing the results.

And finally, thanks to the participants. Participating in this survey were Everette Allen, Allister Banks, Tom Bridge, Armin Briegel, Jason Broccardo, Beans Brown, Jacob Burley, Joaquín Cabrerizo, Rob Calvert, James Capen, Tom Case, Brad Chapman, Adam Codega, Craig Cohen, Jeffrey Compton, Horace Dediu, Nick Derevjanik, Peter Donato, Charles Edge , Dave Fisher, Viktor Glemme, Emily Handa, Jason Harrison, Bryan Heinz, Timothy Hellum, Cameron Kay, Fridolin Koch, Brandon Kostelecky, Glenn Kowalski, Andrew Laurence, Kevin M. White, Christian McCusker, Keith Medlin, Jordan Merritt, Harald Monihart, Alex Narvey, Justin Orr, Matt Parker, Bernardo Prieto, Graham Pugh , Bart Reardon, Anthony Reimer, Adam Rice, Andrew Robinson, Marcus Rowell, Maurits Sanders, Adam Selby, Stephen Short, James Smith, Kate Sprague, James Stewart, Mike Stirrup, Patrick Wardle, David Watkin, John Welch, Peter Wells, John Wetter, Tony Young, and 25 others who wished to remain anonymous.

If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.

Search Six Colors